
If you work in the IT field, you’re obviously familiar with the cloud. What was once a bit of a novelty has now become commonplace, meaning every company and government is making use of it. This also means that most cloud professionals are feeling a bit crowded in the job market.

Can you relate?

If so, consider becoming a CCSP. Below is all the information it should take to convince you.

What Is a CCSP?

CCSP stands for Certified Cloud Security Professional. It’s a designation that was created as a natural response to both the rise in popularity of the cloud and the corresponding security concerns that have developed alongside it.

Unfortunately, the vast majority – if not all – of legacy approaches are simply inadequate. Organizations must have experienced, competent professionals equipped with the latest knowledge about cloud security and the type of skills required to implement the kind of approaches required to keep such a vast infrastructure safe.

The Cloud Security Alliance and (ISC)² are two of the world’s foremost nonprofits dedicated to cloud and information security. Both of these groups back CCSP, which should give you some idea of how much weight this title carries within the industry.

Someone who is a CCSP is automatically seen as an individual with a deep understanding of security as it relates not just to cloud computing but also software, information and cyber environments.

Furthermore, unlike many other designations and certificates, earning the CCSP title proves that the individual actually has hands-on experience, not just theoretical competency.

Even in light of the cloud’s relatively recent arrival as a mainstream option, the CCSP designation remains a fairly new one, which also speaks to its value as a title that represents cutting edge capabilities.

It is also meant to complement two other certifications: CSA’s Certificate of Cloud Security Knowledge (CCSK) and (ISC)²’s Certified Information Systems Security Professional (CISSP). The CCSP dovetails with and builds on both of these quite well.

Who Is the CCSP For?

Recall that we mentioned that one of the reasons CCSP has become so popular in such a short amount of time is because it represents experience. This is due in large part to the fact that the only way you can earn this certification is if you have at least five years of experience in the field.

These five years must include three working in information security and one in the field of cloud computing. Furthermore, the individual must have spent one year working in one of the six CCSP domains, which we’ll get into a bit later.

This requirement isn’t an arbitrary one. It’s to ensure that CCSPs have been exposed to functioning IT environments. Again, the hands-on approach truly means something. The knowledge that comes from this kind of experience is invaluable. Amongst other things, people who work for their CCSPs necessarily understand practical approaches and not just the theoretical kind.

As we mentioned a moment ago, the CCSP designation is meant to build off of CSA’s CCSK. However, the CISSP can be substituted for it.

How to Become a CCSP

If you’ve decided that it’s worth exploring the process further, let’s now look at what it takes to become a CCSP.

Remember, the basics are:

Five years of combined IT experience in a paid, full-time capacity

Three years of working in information security

One year working in one of the six domains we’re about to list

You can also substitute earning the CCSK certification for that last requirement. All of these requirements are also unnecessary if you already have (ISC)²’s CISSP credential.

Those who feel they’re ready for the exam but don’t have the required experience yet can also become an associate of (ISC)². They are allowed to take the CCSP exam now and can then work on meeting the requirements to receive the actual certification.

The Six CCSP Domains

Before we continue with the “how” of becoming a CCSP, it’s important that you understand the six domains that it covers. It’s not just a prerequisite that you have a year of experience with one of them; you’ll also need to understand all six for the actual exam.

These six domains are:

Cloud Data Security (20%)

Architecture and Design (19%)

Operations (15%)

Infrastructure Security (19%)

Application Security (15%)

Compliance (12%)

You may sometimes see these listed with slightly different names. Those percentages next to the titles are the weight they carry in the actual exam.

While each of these topics is expansive, we’re going to now summarize them for you to give you a better understanding of why they’re part of the CCSP exam and what they cover.

Cloud Data Security

Given the nature of the CCSP designation, it should come as no surprise that cloud data security is given such priority. This subject is concerned with the principles, standards, concepts and structures used to design, secure and monitor:

Networks

Equipment

Applications

They can also be used in service of any controls required to enforce various levels of integrity, confidentiality and availability in the cloud environments.

To this end, you will need to have a strong knowledge of the following:

Architecture and Design

Next, you must be competent in all definitions and concepts related to cloud computing based on the ISO/IEC 17788 standard, as well as the security concepts and principles relevant to secure cloud computing.

This will involve:

Understanding cloud computing concepts

Understanding security concepts relevant to cloud computing

Describing cloud reference architecture

Identifying trusted cloud services

Understanding design principles of secure cloud computing

Operations

A big part of being a CCSP is being able to identify critical information and execute specific measures that will reduce or altogether eliminate the risk of an adversary exploiting it. You must understand what’s required to run and manage cloud architecture. Your competency must extend to the definition of controls over media, hardware and the operators who have been granted access privileges. The auditing and monitoring of tools, mechanisms and facilities is part of operations, as well.

Examples of the tasks you must be able to perform include:

Supporting the planning process required for the design and building of a data center

Implementing and building physical infrastructures for cloud environments

Running and managing the physical infrastructure for cloud environments

Infrastructure Security

If you want to be a CCSP, you must understand cloud infrastructure components. This includes the virtual and the physical. You need knowledge of existing threats, which means being able to mitigate and develop plans for dealing with them.

To do these things, you must be able to:

Analyze risks associated with cloud infrastructures

Understand each piece of a cloud infrastructure

Design, plan, build and implement security controls

Create business continuity management and disaster recovery plans

Application Security

You will need to be able to use verified security software, but also know the processes involved in assurance and validation of cloud software. This important capability will require that you can:

Recognize the necessity of training and awareness for the sake of cloud application security

Understand the tasks related to cloud software assurance and validation

Properly use verified security software

Appreciate the whole of the SDLC (Software Development Lifecycle) Process

Leverage the SDLC

Understand the specifics related to cloud application architecture

Design suitable IAM (Identity and Access Management) solutions

Compliance

Finally, it should go without saying that compliance is important when it comes to enterprise cloud solutions across all industries. Obviously, this will entail a number of legal issues in general, though the industry you go on to work in will add even more you must understand.

For the CCSP exam, you must be able to address ethical behavior and recognize what compliance entails inside of regulatory frameworks. As a CCSP, you will need to use investigative techniques and measures to gather evidence (e.g. forensics, eDiscovery and legal controls). You may be called upon to create methodologies regarding audit processes and privacy issues.

Your aptitude for enterprise compliance and risk management should also extend to specifics like:

Implications of risk management for the cloud environment

Outsourcing and contracts for cloud design

Execution of vendor management

Auditing methodologies, processes and necessary adaptations for the cloud environment

The cloud environment’s legal requirements and unique risks

Privacy issues related to jurisdictional variations

As you can probably see, the CCSP exam covers an extensive breadth of knowledge. This may seem intimidating, especially if you only have experience in one or two areas, but keep in mind that there will be rewards for earning an internationally recognized certification like this.

In fact, let’s take a look at some of those rewards next.

Why Earn Your CCSP?

Obviously, the main benefit we’ve mentioned so far in relation to the CCSP is that you will develop an unrivaled competence where cloud security is concerned. Just by meeting the prerequisites, you’ll have proven you’re someone with hands-on experience in this field.

Now, that being said, what good is this competency if it doesn’t translate into other benefits, like job opportunities and a better salary?

Here is a list of eight common job titles for CCSPs:

Enterprise Architect

Security Administrator

Security Architect

Security Consultant

Security Engineer

Security Manager

Systems Architect

Systems Engineer

This is by no means an exhaustive list. Any of these titles could represent dozens of different specific roles, too. For example, being a security consultant could entail working for any number of different companies on countless different projects.

It’s tough to put an objective number on how much a CCSP certification is worth. As we already mentioned, a lot of it depends on what kind of work you do. There’s also the matter of where you’re working from.

However, when looking at the UK, for example, 90% of the jobs posted for CCSP professionals across IT Jobs Watch paid at least $73,000. The other 10% started at $103,000.

That’s up 2.32% over the past year and more than 40% if you go back to 2015.

Of course, you need to keep in mind that these numbers include London, but if you’re not living there, you wouldn’t have the same standard of living to cover either.

Furthermore, the demand for these jobs is clearly on an upward trajectory, as well. Since 2016, this site shows 4.5x as many job postings. Looking a year back, the job postings have increased by 13.5x.

Becoming a CCSP requires a bare minimum of five years in the field, including specific forms of experience. Even then, you’ll have to work very hard to study for a very tough exam. However, as we hopefully showed with the above, demand for these jobs is also on the rise – and so is the amount these professionals get paid.

If you’re interested in job security and increasing your income, it makes sense to work toward becoming a CCSP.

One response to “The Ultimate Guide to CCSP Certification”

No — this is a certification I have, and it’s useless as anything other than a resume stuffer. It was rushed out, has contradictory elements, and focuses more on supply-chain issues than on cloud per se.
